General

TCP Talk Series -IV

Today we are going to discuss below topics:

  • TCP Congestion Mechanism
  • TCP Half Close
  • TCP Half Open
  • Simultaneous Open and Close
  • Telnet flow

TCP CONGESTION MECHANISM :

  • TCP (THE TRANSPORT LAYER) is unaware of of the network structure.
  • TCP believes that two nodes are directly connected. HOST TO HOST or END To END PROTOCOL.
  • If congestion exists in the network infra, TCP has no inherent way to know this.
  • Fundamentally the network congestion is know by TCP ACK missed or delayed.

https://tools.ietf.org/html/rfc5681

CONGESTION MECHANISM :

  • SLOW START
  • CONGESTION AVOIDANCE
  • FAST RETRANSMIT
  • FAST RECOVERY

TERMINOLOGY:

  • DATA IN FLIGHT : Data that has been transmitted but not ACK. “Bytes in Flight” is controlled by Send Window.
  • SRWND : Sender’s Receive Window .Advertised during 3-Way Handshake
  • ICWND : Initial Congestion Window.
    • Upper Boundary on how much data can be in flight.
    • The ICWND is called as Send Window/Initial Window/Congestion Window
    • The ICWND determine how much data can be sent in flight.
    • ICWND is the main WINDOW the sender determined what is the Maximum Quantity of bytes I will have in flight.
    • For example : Send Window is having 10000 Bytes. And 4000
      Bytes in flight.

SLOW START :

How fast out-of-the-gate?

Original TCP Implementation as per RFC793 transmit at full RWND after the 3 Way Handshake. After it get an ACK, it will again send the same Window.

THE PROBLEM : Exacterbated any existing network congestion.
THE FIX : SLOW START only a few segment at first and the “ramp-up”

IW ( INITIAL WINDOW/SEND WINDOW/ CONGESTION WINDOW) IN SLOW
START :

  • At the start of communication each device computes an IW, which is equal to CWND (Congestion Window).
  • The IW allows the sending device to transmit more than one segment before waiting for a ACK.
  • The WINDOW is based on the Senders Maximum Segment Size
    (SMSS).

29

  • For SLOW START Maximum of 3 Segments TCP Sender can send, not more than that.
  • In addition to the IW or CWND TCP builds and maintain another variable. That is SSTHRESH = Slow Start Threshold.
  • RULE :
    • 1. IF CWND < SSTHRESH == SLOW START ALGO
    • 2. CWND > SSTHRESH == CONGESTION AVOIDANCE ALGO
  • As per RFC 5681 the recommended this value to be best to set to largest possible value (65535)
  • SSTHRESH frequently referred to and modified during the operation of TCP.
  • Used to determine if the Slow-Start algo, or congestion avoidance algo should be used to set the CWND size.

SLOW START MECHANISM :

->For every ACK received, increase the CWND by up-to-one-MSS.

POINT TO REMEMBER HERE :

  • TCP most likely transmit segments in group. (Over a small Slice of time)
  • As each ACK received, it is paired with the Segment that was

Screen Shot 2017-10-26 at 8.35.56 AM

NOTE :

  • Their is no such things called as Receive Window (RCWN)
  • If their is no RCWN, then what is the MAX number of segment
  • TCP can send in a slice of time.

30

After Three Way Handshake, with Slow start Algo. The Congestion window is 3 Segments.

IW : 3 Segments

NOTE : TCP is not concern about Segment, its concern about Bytes.

Screen Shot 2017-10-26 at 8.36.05 AM

Screen Shot 2017-10-26 at 8.36.14 AM

Screen Shot 2017-10-26 at 8.36.23 AM

CONGESTION AVOIDANCE FAST RECOVERY and FAST RETRANSMITS :

NON CONTIGUOUS SEGMENT :

  • When TCP receive non contagious segment it assumes that network congestion is to blame.
  • Upon receipt of an out-of-order segment, TCP will not ACK it. But instead generate a Duplicate ACK of the previous ACK it sent.
  • For every successive segment received, that same duplicate ACK will be generated until the lost data is recovered.

Screen Shot 2017-10-26 at 8.36.32 AM

NOTE :

  • AFTER THE SENDER RECEIVE THE DUPLICATE ACK FOR #201. IT ASSUME THAT SEGMENT #3 GOT LOST.
  • AFTER PACKET LOST, TCP NOW MOVES FROM SLOW START TO CONGESTION AVOIDANCE.
  • FAST RECOVERY IS THE ALTERNATIVE TO THE SLOW START.
  • FAST RECOVER :
    • Alternative to the SLOW START time of Congestion.
    • Allows TCP to increase the CWND (Sender Window) faster than Slow-Start would.
    • Utilise congestion Avoidance algorithm to compute CWND and SSTHRESH values.
    • “Congestion” is determined by receipt of Duplicate ACK.

FAST RETRASMIT :

What is the retransmit time out value based on ? What are the other value help to figure out the Retransmit values.

From RTT (Round Trip Time) we calculate the value of RTO.

Once Sender receive the DUP ACK #3, it will not wait for RTO, It will queue that up for retransmission. That is called as Fast retransmit.

  • If the CWND > SSTHRES then the Congestion Avoidance will be the master.
  • Now the Congestion Avoidance will be in charge to increase the Congestion Window, actually its does faster then the slow start.
  • If some reason a Segment get lost and the RETRANSMISSION TIMEOUT actually timeout.

The FAST RETRANSMIT and FAST RECOVERY :

  • When the third Duplicate ACK is received, set ssthresh to no more than the value.
  • Retransmit lost segment and set CWND to SSTHRESH + 3* MSS This is artificially “inflates” the congestion window by the number of segments that have left the network and which the receiver has buffered.
  • For each additional ACK received, increment CWND by SMSS.
  • This artificially inflates the congestion window in order to reflect the additional segment that has left the network.
  • Transmit a segment, if allowed by the new value of CWND and the receivers advertised window.
  • When the next ACK arrives that ACK new data, set CWND to ssthres based on the equation. This term “deflating” the window.

TAHOE, RENO and FAST RECOVERY :
TCP started connections in slow start, and if a packet was lost, detected by either a timeout or the fast retransmit procedure, the slow start algo was reinitiated. Tahoe was
implemented by simply reducing CWND to it starts (1 SMSS at that time) upon any loss, forcing the connect to slow start until CWND grew to the value ssthresh.
On problem with this approach is that for large BDP paths this can cause the connection to significantly under-utilised the available bandwidth while the sending TCP goes though slow start to get back to the point at which it was operating
before the packet loss.
To address this problem the reinitiation of slow start on any packet loss was reconsidered. Ultimately if packet loss is detected by DUP ACK (Invoking fast retransmit) CWND is instead reset to the last value of ssthresh instead of only 1 SMSS.

This approach allows the TCP to slow down to half of its previous rate without reverting to slow start.

Fast recovery allows CWND to grow by 1 SMSS for each ACK received while recovering. The congestion window is therefore inflated for a period of time, allowing an additional new packet to be sent for each ACK received, until a good ACK seen.

TCP HALF-CLOSE :

INTRODUCTION

It takes three segment to establish a connection, it takes four to terminates one.
TCP data communication model is bidirectional, meaning it is possible to have only one of two direction operating.

  • The Half close operating in TCP closes only a single direction of the data flow.
  • Two half-close operations together close the entire connection.
  • Two half close operations together close the entire connection.
  • The rule is that either end can send a FIN when it is done sending data.
  • When TCP receives a FIN it must notify the application that the other end has terminated that direction of data flow.
  • The sending of a FIN is normally the result of the application issuing a close operation, which typically causes both direction to close.

TCP HALF CLOSE :
TCP supports a half-close operation.

Few application require this capability so it is not common. To use this feature, the API must provide a way for the application to say, essentially, “I am done sending data, so
send a FIN to other end, but I still want to receive data from the other end, until it sends me a FIN. The “BERKELEY SOCKETS API support the half close, if the application calls the shutdown() function instead of calling the more typical close() function. Most application, however terminate both direction of the connection by calling close.

NOTE : With the TCP half-close operation, one direction of the connection can terminate while the other continues until it is close. Few applications use this feature.

31

The first two segment are the same as for a regular close: a FIN by the initiator, followed by an ACK of the FIN by the recipient.
The operation then differs because the side that receives the half-close can still send data.

HALF OPEN :
A TCP connection is said to be closed if one end has closed or aborted the connection without the knowledge of the other end. This can happen anytime one of the peers crashed. As long as there is no attempt to transfer data across a halfopen connection, the end that is still up does not detect that the other end has crashed.

Repro :
R1—————R2
BGP connection established and Power off R2. You will able to achieve Half open state.

SIMULTANEOUS OPEN AND CLOSE :

  • It is possible, although improbable unless specifically arranged, for two application to perform an active open to each other at the same time.
  • Each end must have transmitted a SYN before receiving a SYN from the other side;
  • The SYN must pass each other on the network.
  • This scenario also required each end to have an IP address and port number that are known to the other end, which are rare for the firewall “hole punching” technique. If this happens it is called a simultaneous open.

EXAMPLE :

A simultaneous open occurs when a application on host A using local port 777 performs an active open to port 8888 on host B, while at the same tome an application on host B using local port 888 performs an active open to port 7777 on host A.

This is not the same as connection a client on host A to a server on host B, while at the same time having a client on host B connect to a conventional server on host A.

In that case both servers perform passive opens not active opens and the clients assign themselves different ephemeral port numbers. This result in two distinct TCP connections.
32

A simultaneos open requires the exchange of four segment, one more that the normal three way handshake. Also not that we do not call ether end a client or a sever, because both ends act as client and server. A simultaneous close is not very different, We said earlier that one side performs a active close, causing the first FIN to be sent. In a simultaneous close, both do With the simultaneous close the same number of segment are exchanged as in the normal close.

33

The only real difference is that the segment sequence is interleaved instead of sequential. Later we will see that simultaneous open and close operations use particular states in the TCP implementation that are not commonly excercised.

TIMEOUT OF CONNECTION ESTABLISHMENT :
There are several circumstances in which a connection cannot be established.
Repro Details : One side BGP configured other side BGP neighborship shut.

34

CLIENT SERVER CONNECTION ::

35

  • The interesting point here is that how frequently the client TCP sends a SYN to try to establish the connection.
  • The seconds segment is sent after 3 sec after the first, the third is sent in 6 sec after the second.
  • The fourth is sent 12 sec after the third and so on.
  • This behaviour is called as exponential back off.
  • Here the back off is deterministically twice the previous back off, where as in ethernet CSMA CD the maximum back off doubles and the actual back off is chosen randomly.

PATH MTU DISCOVERY :

  • It is the minimum MTU on any network segment that path between two host.
  • PMTU help protocol such as TCP avoid fragmentation.
  • Its accomplish based on ICMP messages.
  • To avoid the use of ICMP is called Packetization Layer Path MTU Discovery (PLPMTUD)
  • The process of PMTUD as follows :
    • TCP uses min MTU of the outgoing interface, or the MSS announced by the other ed, basic of Send MSS.
    • PMTU does not allow TCP to exceed the MSS announced the other end.
    • Note that the path MTU in each direction of a connection could be different.
    • Once the SMSS chosen, all IPV4 datagram sent by TCP on that connection have the IPv4 DF bit filed set.
    • There are numbers of problems with PMTUD when it operates in an Internet Environment with Firewall that blocks PTB messages.
    • Of various operation problems with PMTUD blackhole have been the most problematic although the situation is improving.

For more details on PMTU , please check Path MTU Discovery (PMTUD)

How Telnet Works?

The moment you type a character Telnet ask TCP to send that right away. Because it cannot be buffered the stuff. Application like Telnet, actually the data will be 1 or 2 bytes. But the header will be 20 bytes. So 20 bytes of overhead infront of it. That what TCP needs for reliability. Lot of reliability comes from the code bits.

Communication is established using the TCP/IP protocols and communication is based on a set of facilities know as a Network Virtual Terminal (NVT). At the user or client end the telnet client program is responsible for mapping incoming.

NVT uses 7 codes for char the display device referred to as a printer is only required to display the standard printing ASCII charters represented by 7 bit codes and to recognised
and process certain control codes.

Telnet Commands :

The Telnet Protocol also specify various command that control the method and various details of the interaction between the client and server. These commands are incorporated within the data stream.
The commands are distinguish by the use of various characters with the most significant bit set.  There are a variety if options that can be negotiated between a telnet client and server using commands at any stage during the connection.

3637

TELNET NEGOTIABLE OPTIONS
Many of the options listed above are self evident.

  • Suppress Go Ahead :
    The original telnet implementation defaulted to “half duplex” operations.
    This means that data traffic could only go in one direction at a time and specific action is required to indicate the end of traffic in one direction and that traffic may now start in the other direction. i.e This is similar to the use of “roger” and “over” by CB radio operators.
  • ECHO :
    The echo options is enabled, usually by the server, to indicate that the server will echo every character it receives. A combination of “suppress go ahead” and “echo” is called character at a tome mode meaning that each character is separately transmitted and echoed.

HOW TELNET WORKS FLOW :

  1. A user logged in to the local system and invokes a TELNET Program
    telnet 9.1.1.2
  2. The TELNET client is started on the local machine (if it isn’t already running). That client established a TCP established a TCP connection with the TELNET Server on the destination system.

383940

3. Once the connection has been established, the TELNET SERVER Negotiate.

TCP SEQUENCING DETAILS :

12 Bytes of data transfer with 20 bytes of TCP header.
NOTE :

Sequence Number = 1
ACK = 1
Relative SEQ Num = 13

Device 2 INITIATED a TELNET NEGOTIATED PACKET

41

Device 1 SENDS ACK TO THE TELNET NEGOTIATED PACKET
NOTE : Sequence Number = 1
ACK = 13

42

DEVICE 1 REPLY TO THE TELNET NEGOTIATED PARAMETERS
NOTE : Sequence Number = 1
ACK = 13

43

To be continued…..

TCP Talk Series:

  1. TCP Talk Series – I
  2. TCP Talk Series- II
  3. TCP Talk Series – III
  4. TCP Talk Series-IV
  5. TCP Talk Series- V
Advertisements

Categories: General, TCP

4 replies »

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s